New in Symfony 2.6: The security:check command

Symfony 2.6 is going to be one of our most polished releases ever. As part of
the DX initiative we are tweaking and simplifying each and every part of the
framework, from the installer to the error pages.

In addition to these improvements, we are introducing some new features that are
important for professional PHP development. One of those features is the new
security:check command, which looks for known security vulnerabilities
in your project's dependencies.

Using it is as simple as entering your project's directory and executing the
following command:

1

$ php app/console security:check

This command looks for the composer.lock file of your project. Then it
checks all the known vulnerabilities for the specific dependencies and versions
that your project is using. If no problems are detected, you'll see the
following message:

If there is any security problem with your dependencies, you'll see the following
extended message which explains the exact vulnerability found for each dependency:

And for those of you with non-conventional project setups, the path for the
composer.lock file is configurable. Just provide the absolute path of the
file as the first argument of the command: